OSN MARCH 19, 2021

Fortify Security Team
Mar 19, 2021

Title: Russian Pleads Guilty to Tesla Hacking and Extortion Attempt
Date Published: March 19, 2021

https://www.bleepingcomputer.com/news/security/russian-pleads-guilty-to-tesla-hacking-and-extortion-attempt/

Excerpt: “Russian national Egor Igorevich Kriuchkov has pleaded guilty to recruiting a Tesla employee to plant malware designed to steal data within the network of Tesla’s Nevada Gigafactory. His end goal was to extort the company using the sensitive information stolen from Tesla’s servers as leverage to convince the company to pay a ransom to avoid having the data leaked. To convince the company’s employee to act as an insider for his criminal gang, Kriuchkov told him that he would be paid $1,000,000 worth of bitcoins after the malware got deployed on the company’s network, according to court documents.”

Title: New Windows 10 Emergency Updates Fix Remaining Printing Issues
Date Published: March 19, 2021

https://www.bleepingcomputer.com/news/microsoft/new-windows-10-emergency-updates-fix-remaining-printing-issues/

Excerpt: “Microsoft has released the Windows 10 KB5001649 emergency update to fix printing issues plaguing users since the March 2021 Patch Tuesday updates. On March 9th, Microsoft released their March 2021 Patch Tuesday security updates and cumulative updates for Windows. Windows 10 would crash when printing with an “APC_INDEX_MISMATCH for win32kfull.sys” error or printed pages would have missing graphics, black bars, or blank pages.”

Title: CISA and FBI Warn of Ongoing Trickbot Attacks
Date Published: March 19, 2021

https://securityaffairs.co/wordpress/115743/malware/cisa-fbi-trickbot-attacks.html

Excerpt: “CISA and FBI are aware of recent attacks that use phishing emails, claiming to contain proof of a traffic violation, to steal sensitive information. The phishing emails contain links that redirect to a website hosted on a compromised server that prompts the victim to click on photo proof of their traffic violation,” continues the report. “In clicking the photo, the victim unknowingly downloads a malicious JavaScript file that, when opened, automatically communicates with the malicious actor’s command and control (C2) server to download TrickBot to the victim’s system.”

Title: ESET Exposes Malware Disguised as Clubhouse App
Date Published: March 19, 2021

https://www.infosecurity-magazine.com/news/eset-malware-disguised-clubhouse/

Excerpt: “Revealing its findings in a blog post, the cybersecurity firm said the Trojan malware aims to steal users’ login information for a variety of online services. Disguised as an Android version of the audio chat app (which does not currently exist), it is capable of taking credentials for over 450 apps and is also able to bypass SMS-based two-factor authentication (2FA).”

Title: Playstation 5 Contest Scam
Date Published: March 19, 2021

https://www.kaspersky.com/blog/scam-with-playstation-5-giveaway/39089/

Excerpt: “The page ramps up the phishing pressure, saying you’re one of ten lucky visitors who can win the coveted console this week, but you have to act in the next minute and 18 seconds — just enough time to complete the short survey and enter the drawing. This, of course, is another example of a pretty effective phishing tactic: Ramp up the pressure with an artificial time constraint and people will panic and rush instead of slowing down to apply critical thinking.”

Title: Microsoft Defender Adds Automatic Exchange Proxylogon Mitigation
Date Published: March 19, 2021

https://www.bleepingcomputer.com/news/security/microsoft-defender-adds-automatic-exchange-proxylogon-mitigation/

Excerpt: “The Microsoft Defender automatic protection from active attacks targeting unpatched Exchange servers works by breaking the attack chain. It automatically mitigates CVE-2021-26855 via a URL Rewrite configuration and scans the servers for changes made by previous attacks, automatically reversing them. “With the latest security intelligence update, Microsoft Defender Antivirus and System Center Endpoint Protection will automatically mitigate CVE-2021-26855 on any vulnerable Exchange Server on which it is deployed,” Microsoft added.”

Title: Revil Ransomware Has a New ‘Windows Safe Mode’ Encryption Mode
Date Published: March 19, 2021

https://www.bleepingcomputer.com/news/security/revil-ransomware-has-a-new-windows-safe-mode-encryption-mode/

Excerpt: “The REvil ransomware operation has added a new ability to encrypt files in Windows Safe Mode, likely to evade detection by security software and for greater success when encrypting files. Windows Safe Mode is a special startup mode that allows users to run administrative and diagnostic tasks on the operating system. This mode only loads the bare minimum of software and drivers required for the operating system to work. Furthermore, any programs installed in Windows that are configured to start automatically will not start in Safe Mode unless their autorun is configured a certain way.”

Title: New macOS malware XcodeSpy Targets Xcode Developers with EggShell Backdoor
Date Published: March 18, 2021

https://labs.sentinelone.com/new-macos-malware-xcodespy-targets-xcode-developers-with-eggshell-backdoor/

Excerpt: “This year has brought two disturbing new trends into prominence: the targeting of developers and the use of supply chain attacks to infect broad swaths of customers. Targeting software developers is the first step in a successful supply chain attack. One way to do so is to abuse the very development tools necessary to carry out this work. In Jan 2021, Google TAG announced their discovery of a North Korean campaign targeting security researchers and exploit developers. One of the methods of infection entailed the sharing of a Visual Studio project designed to load a malicious DLL. In this post, we discuss a similar attack targeting Apple developers through malicious Xcode projects.”

Title: Mysterious Bug Is Deleting Microsoft Teams, SharePoint Files
Date Published: March 18, 2021

https://www.bleepingcomputer.com/news/microsoft/mysterious-bug-is-deleting-microsoft-teams-sharepoint-files/

Excerpt: “Microsoft later confirmed that the outage was caused by a configuration issue in their Azure Active Directory service. Since Tuesday, BleepingComputer has spoken to numerous Microsoft SharePoint administrators bombarded with client calls about missing files in their SharePoint folders. When the admins look into the issue, they find the SharePoint folder structure to be intact, but all of the files are missing. Eventually, they find that the files have been deleted and are now located in SharePoint’s cloud recycle bin, or in some cases, a local PC’s Recycle Bin.”

Title: FBI: Business Email Compromise Cost $1.8B in 2020
Date Published: March 18, 2021

https://www.darkreading.com/attacks-breaches/fbi-business-email-compromise-cost-$18b-in-2020/d/d-id/1340452

Excerpt: “Officials report BEC scams have evolved since 2013, when these attacks typically spoofed email accounts of chief executive officers or chief financial officers and requested wire payments. The scams have since evolved to compromise personal emails and vendor emails. In 2020, the IC3 saw more BEC complaints detail identity theft and funds being converted into cryptocurrency. In the latest BEC attacks, a victim is targeted with a different type of scam: extortion, tech support, or romance scams, among others. The victim provides an attacker with a form of identification, which is then used to create a bank account and receive stolen BEC funds that are later transferred into a cryptocurrency account.”
